While this isn’t a phishing attempt or outright fraud, it’s at best a hidden—and therefore misleading—marketing attempt we want you to be aware of.
Cybersecurity News
The Office of Cybersecurity manages the university’s risk-reduction efforts through data protection, ongoing diagnostics, cybersecurity awareness training and policies and procedures to safeguard intellectual property and sensitive information.
Scam alert: phishing attempts to access NetID & MFA-Duo credentials
Beware of phishing attempts to access your MFA-Duo credentials. If you fall for the scam, criminals could then attempt to reroute your direct deposit information.
10/20 phishing alert! Subject: “[Not Virus Scanned] 16.89 % Salary Increase Letter 20 October 2023”
There’s an active phishing campaign on campus in which the attacker impersonates a payroll & employees relations specialist sending information about a pay increase. The email asks recipients to click an attached PDF.
Enter the Cybersecurity Awareness Month meme contest
Who, meme? Yes, you! Showcase your creativity, humor and cybersecurity awareness for a chance to have your meme displayed in the next TechNews!
8/19 phishing alert! Subject: “Open position & student welfare”
Watch out for an active phishing campaign on campus in which the attacker offers a a part-time, work-from-home job.
4/7 phishing alert! Subject: “Alert: Possible Exposure to Monkeypox Virus at the University”
In an active phishing campaign to UW email addresses, scammers prompt you to enter your NetID and password on a fake profile page. The scammers then use this information to change your direct deposit information.
LastPass update & recommendations
LastPass is a password manager available to faculty, staff and students. Though LastPass experienced a security incident late last year, we believe using it continues to be low risk.
Tips to avoid tax season fraud
Don’t get scammed by IRS impersonators or make a poor choice on tax preparers. Protect your money and personal information with these tips. And a reminder: Take these steps if you get a suspicious email.
Cybersecurity Announcement: Pre-authenticated RCE Vulnerability in Microsoft Windows SPNEGO Extended Negotiation Security Mechanism
Microsoft has recently revised the severity for SPNEGO Extended Negotiation security mechanism (NEGOEX) vulnerability to critical from its previous High severity from the September 2022 patch release. The vulnerability is being tracked as CVE-2022-37958.
11/29 phishing alert! Subject: “Your $3500 from The University of Wisconsin”
There’s an active phishing campaign on campus in which the attacker impersonates a benefits specialist offering a $3,500 end-of-year bonus. The email asks recipients to click a link leading to a fake benefits site where they’re prompted to enter login information.